Agreements for Purchase of SaaS or for SaaS Free Trial

THIS AGREEMENT (“AGREEMENT”) IS BETWEEN THE CUSTOMER WHO ORDERS SAAS (“CUSTOMER”) AND EntIT Software LLC (“EntIT”). Customer’s use of and access to SaaS is governed by this Agreement and the terms of Customer’s Order. BY USING OR ACCESSING SAAS, OR BY CHOOSING THE “I ACCEPT” OPTION FOR THESE TERMS, YOU AGREE TO THE TERMS BELOW. IF YOU ARE ACCEPTING THESE TERMS ON BEHALF OF ANOTHER PERSON OR A LEGAL ENTITY, YOU REPRESENT AND WARRANT THAT YOU HAVE FULL AUTHORITY TO BIND THAT PERSON OR LEGAL ENTITY TO THESE TERMS. IF YOU DO NOT AGREE TO THESE TERMS, DO NOT USE OR ACCESS SAAS.

The following terms apply if you are ordering in a country outside of the European Union or Switzerland:

EntIT CUSTOMER TERMS - SOFTWARE-AS-A-SERVICE

Scope and Parties. These EntIT Customer Terms for Software-as-a-Service (the “Agreement”) govern the purchase, access and use of software-as-a-service from EntIT Software LLC (“EntIT”) by the Customer entity identified below (“Customer”). The terms of this Agreement become effective when EntIT accepts Customer’s order, upon renewal of an order or upon Customer’s use of EntIT SaaS (defined below) (“Effective Date”), and will remain in effect unless terminated pursuant to section 19 (Termination).

ENTIT Software-as-a-Service. “EntIT Software-as-a-Service” or “EntIT SaaS” mean the EntIT branded online software solutions that EntIT makes available for Customer use through a network connection, each as described in the applicable supporting material and other exhibits or attachments that are each made a part of this Agreement (collectively, “Supporting Material”). The terms for use of each EntIT SaaS is stated in the Supporting Material. Supporting Material may include service descriptions, data sheets, statements of work and their applicable exhibits, addenda, and attachments which may be available to Customer in hard copy or by accessing an EntITwebsite. In the event of a conflict, Supporting Material takes precedence over this Agreement.

Orders. Customer may place orders for EntIT SaaS through our website, customer-specific portal, or by letter, fax, or e-mail (each upon EntITs acceptance, an “Order”). The term of each EntIT SaaS subscription is stated in the applicable Order or Supporting Material and begins on the date that EntIT SaaS is made available to Customer (“SaaS Order Term”).

Access Rights. During the applicable SaaS Order Term, Customer may access and use EntIT SaaS in accordance with the applicable Supporting Material and this Agreement. Customer is responsible for complying with the terms of this Agreement and the Supporting Material. Customer is responsible for any and all use of EntIT SaaS through Customer’s credentials or any account that Customer may establish. Customer agrees to maintain the confidentiality of Customer’s account, credentials, and any passwords necessary to use EntIT SaaS. Should Customer believe that there has been unauthorized use of Customer’s account, credentials, or passwords, Customer must immediately notify EntIT.

Usage Limitations. EntIT SaaS may be used only for Customer’s internal business purposes and not for commercialization. Customer will not: (i) exceed any usage limitations identified in the Supporting Material; (ii) except to the extent expressly permitted in Supporting Material, sell, resell, license, sublicense, lease, rent, or distribute EntIT SaaS or include EntITSaaS as a service or outsourcing offering, or make any portion of EntIT SaaS available for the benefit of any third party; (iii) copy or reproduce any portion, feature, function, or user interface of EntIT SaaS; (iv) interfere with or disrupt the integrity or performance of EntIT SaaS; (v) use EntIT SaaS to submit, send, or store Customer-provided SaaS Data that is obscene, threatening, libelous or otherwise unlawful or tortuous material, violates any third party’s privacy rights, or infringes upon or misappropriates intellectual property rights; (vi) use EntIT SaaS to disrupt or cause harm to a third party’s system or environment; (vii) access EntIT SaaS to build a competitive product or service; or (viii) reverse engineer EntIT SaaS. Customer is responsible for complying with all terms of use for any software, content, service, or website it loads, creates, or accesses when using EntIT SaaS.

Payment terms.

a. Prices and Taxes. Prices will be as quoted in writing by EntIT or, in the absence of a written quote, as set out on our website, customer-specific portal, or EntIT published list price at the time an order is submitted to EntIT. Prices are exclusive of taxes, duties, and fees unless otherwise quoted. If a withholding tax is required by law, please contact EntIT order representative to discuss appropriate procedures.

b. Invoices and Payment. Customer agrees to pay all invoiced amounts within thirty (30) days of EntIT’s invoice date. EntIT may suspend or cancel performance of open Orders or services if Customer fails to make payments when due.

Customer-provided SaaS Data. Customer is solely responsible for the data, text, audio, video, images, software, and other content input into an EntIT system or environment during Customer’s access or use of EntIT SaaS (“Customer-provided SaaS Data”). As between EntIT and Customer, Customer is and will remain the sole and exclusive owner of all right, title, and interest in and to all Customer-provided SaaS Data. Customer hereby provides to EntIT all necessary rights to Customer-provided SaaS Data to enable EntIT to provide EntIT SaaS. EntIT will use Customer-provided SaaS Data only as necessary to provide EntIT SaaS, technical support, or as otherwise required by law.

Personal Data.

a. If, in the course of providing EntIT SaaS, EntIT agrees in writing to process Customer Personal Data, EntIT shall process such data only as permitted under this Agreement and in compliance with data protection legislation to which EntIT is subject as a service provider and processor of Customer Personal Data.

b. “Customer Personal Data” means personal data of which Customer or its affiliates is the controller and which EntIT processes in the course of providing EntIT SaaS. The terms “controller”, “processor”, “process”, “processed”, “processing”, and “personal data” used in this Agreement shall be as defined by EU Directive 95/46/EC, unless otherwise defined by applicable data protection legislation.

EntIT SaaS Performance and Operations. EntIT’s ability to deliver EntIT SaaS will depend on Customer’s reasonable and timely cooperation and the accuracy and completeness of any information from Customer needed to deliver EntIT SaaS.

EntIT SaaS Operations. So long as during the SaaS Order Term, EntIT does not materially degrade the functionality, as described in Supporting Material, of EntIT SaaS: (i) EntIT may modify the systems and environment used to provide EntIT SaaS; and (ii) EntIT reserves the right to make any changes to EntIT SaaS that it deems necessary or useful to maintain or enhance the quality or delivery of EntIT’s services to its customers, the competitive strength of or market for EntIT’s services, or EntIT SaaS’ cost efficiency or performance. EntIT may use global resources, such as EntIT affiliates or third parties in worldwide locations to provide EntIT SaaS and perform its obligations.

License Grant to Software in connection with EntIT SaaS. To the extent that EntIT provides software in connection with EntIT SaaS, EntIT grants Customer a non-exclusive and non-transferable license to use the version or release of the EntIT-branded software listed in the Order or the applicable Supporting Material (the “Licensed Software”) during the SaaS Order Term. Unless otherwise stated in writing, Customer may only use the Licensed Software for internal purposes and not for further commercialization. Customer may make a copy or adaptation of the Licensed Software only for archival purposes or when it is an essential step in the authorized use of the Licensed Software. Customer agrees that it will not modify, reverse engineer, disassemble, decrypt, decompile, or make derivative works of any Licensed Software unless permitted by statute, in which case Customer will provide EntIT with reasonably detailed information about those activities. For non-EntIT branded software, the third party’s license terms will govern its use. EntIT may monitor and audit Customer use of the Licensed Software and compliance with any associated license terms and, if EntIT makes a license management program available, Customer agrees to install and use it within a reasonable period of time. Customer may not sublicense, assign, transfer, rent, or lease the Licensed Software except as permitted in writing by EntIT.

Warranty: EntIT WILL PERFORM EntIT SAAS BY QUALIFIED PERSONNEL AND IN A WORKMANLIKE MANNER CONSISTENT WITH THE SUPPORTING MATERIAL. TO THE EXTENT PERMITTED BY LAW, EntIT DISCLAIMS ALL OTHER WARRANTIES. EntIT DOES NOT WARRANT THAT EntIT SAAS WILL BE UNINTERRUPTED OR ERROR FREE. IF EntITT PROVIDES CUSTOMER WITH A FREE-OF-CHARGE SAAS ORDER TERM, INCLUDING BUT NOT LIMITED TO EntIT SAAS PROVIDED ON AN EVALUATION OR “FREEMIUM” BASIS, EntIT SAAS IS PROVIDED “AS IS” AND TO THE EXTENT PERMITTED BY LAW, EntIT DISCLAIMS ALL WARRANTIES AND LIABILITY.

Intellectual Property Rights. No transfer of ownership of any intellectual property will occur under this Agreement. Customer grants EntIT a non-exclusive, worldwide, royalty-free right and license to any intellectual property, including Customer-provided SaaS Data, that is necessary for EntIT and its designees to perform EntIT SaaS.

Intellectual Property Rights Infringement. EntIT will defend and/or settle any claims against Customer that allege that an EntIT-branded product or service as supplied under this Agreement infringes the intellectual property rights of a third party. EntITwill rely on Customer’s prompt notification of the claim and cooperation with our defense. EntIT may modify the product or service so as to be non-infringing and materially equivalent, or we may procure a license. If these options are not available, we will refund to Customer the balance of any pre-paid amount for the affected EntIT SaaS. EntIT is not responsible for claims resulting from Customer-provided SaaS Data or from any unauthorized use of the products or services. This section shall also apply to Licensed Software identified as such in the relevant Supporting Material except that EntIT is not responsible for claims resulting from Customer-provided SaaS Data, customized configurations or designs (i) performed or provided by Customer or (ii) performed at Customer’s direction. Customer will defend or indemnify EntIT from and against third party claims arising from Customer-provided SaaS Data or customized configuration or designs (i) performed or provided by Customer or (ii) performed at Customer’s direction.

Limitation of Liability. EntIT’s liability to Customer under this Agreement is limited to the greater of $1,000,000 or the amount payable by Customer to EntIT for the relevant EntIT SaaS Order that is the subject of the claim for the twelve (12) month period immediately preceding the act or omission giving rise to the claim. This limit applies collectively to EntIT, its employees, subsidiaries, contractors, and suppliers. Neither Customer nor EntIT will be liable for lost revenues or profits, downtime costs, or indirect, special, or consequential costs or damages. This provision does not limit either party’s liability for: unauthorized use of intellectual property, death or bodily injury caused by their negligence, acts of fraud, nor any liability which may not be excluded or limited by applicable law. Neither party will be liable for performance delays or for non-performance due to causes beyond its reasonable control, except for payment obligations. If EntIT provides customer with a free-of-charge SaaS Order Term, including but not limited to EntIT SaaS provided on an evaluation or “freemium” basis, EntIT SaaS is provided “as is” and to the extent permitted by law, EntIT shall not be responsible for any loss or damage to Customer, its customers, or any third parties caused by EntIT SaaS or Licensed Software that makes available for Customer.

Suspension. EntIT may suspend Customer’s access and use rights to EntIT SaaS where Customer fails to make payments when due, Customer breaches sections 4, 5, 6, 7, or 12 of this Agreement or Customer’s use of EntIT SaaS is in violation of law. Customer remains responsible for applicable fees through date of suspension including usage and data storage fees, Customer will not be entitled to service credits during any suspension period.

Termination. Either party may terminate this Agreement on written notice if the other fails to meet any material obligation and fails to remedy the breach within a reasonable period after being notified in writing of the details. If either party becomes insolvent, unable to pay debts when due, files for or is subject to bankruptcy or receivership, or asset assignment, the other party may terminate this Agreement and cancel any unfulfilled obligations. EntIT may terminate this Agreement where Customer’s access and use rights are suspended pursuant to section 17 or to comply with applicable laws or regulations. Any terms in the Agreement which by their nature extend beyond termination or expiration of the Agreement will remain in effect until fulfilled and will apply to both parties' respective successors and permitted assigns.

Effect of Expiration or Termination. Except for termination for cause, termination of this Agreement shall not entitle Customer to any refund, and payment obligations are non-cancelable. Upon expiration or termination of a SaaS Order Term, except as otherwise provided in the Supporting Material:

a. EntIT may disable all Customer access to the applicable EntIT SaaS, and Customer shall promptly return to EntIT (or at EntIT’s request destroy) any Licensed Software provided with EntITSaaS; and

b. EntIT may make available certain data in the format generally provided by EntIT, subject to the terms of the applicable Supporting Material.

General. This Agreement represents our entire understanding with respect to its subject matter and supersedes any previous communication or agreements that may exist. Modifications to this Agreement will be made only through a written amendment signed by both parties. The Agreement will be governed by the laws of the country of EntIT or the EntIT affiliate accepting the Order and the courts of that locale will have jurisdiction; however, EntIT or its affiliate may bring suit for payment in the country where the Customer affiliate that placed the Order is located. Customer and EntIT agree that the United Nations Convention on Contracts for the International Sale of Goods will not apply. Claims arising or raised in the United States will be governed by the laws of the state of California, excluding rules as to choice and conflicts of law.

The following terms apply if you are ordering in Germany:

ENTCO CUSTOMER TERMS - SOFTWARE-AS-A-SERVICE

Scope and Parties. These Entco Customer Terms for Software-as-a-Service (the “Agreement”) govern the purchase, access and use of software-as-a-service from Entco Deutschland GmbH receiving the Order (defined below) (“Entco”) by the Customer entity identified below (“Customer”). The terms of this Agreement become effective when Entco accepts Customer’s order, upon renewal of an order or upon Customer’s use of Entco SaaS (defined below) (“Effective Date”), and will remain in effect unless terminated pursuant to Section 19 (Termination).

Entco Software-as-a-Service. “Entco Software-as-a-Service” or “Entco SaaS” mean the Entco branded online software solutions that Entco makes available for Customer use through a network connection, each as described in the applicable supporting material and other exhibits or attachments that are each made a part of this Agreement (collectively, “Supporting Material”). The terms for use of each Entco SaaS is stated in the Supporting Material. Supporting Material may include service descriptions, data sheets, statements of work and their applicable exhibits, addenda, and attachments which may be available to Customer in hard copy or by accessing an Entco website. In the event of a conflict, Supporting Material takes precedence over this Agreement.

Orders. Customer may place orders for Entco SaaS through our website, customer-specific portal, or by letter, fax, or e-mail (each upon Entco’s acceptance, an “Order”). The term of each Entco SaaS subscription is stated in the applicable Order or Supporting Material and begins on the date that Entco SaaS is made available to Customer (“SaaS Order Term”).

Access Rights. During the applicable SaaS Order Term, Customer may access and use Entco SaaS in accordance with the applicable Supporting Material and this Agreement. Customer is responsible for complying with the terms of this Agreement and the Supporting Material. Customer is responsible for any and all use of Entco SaaS through Customer’s credentials or any account that Customer may establish. Customer agrees to maintain the confidentiality of Customer’s account, credentials, and any passwords necessary to use Entco SaaS. Should Customer believe that there has been unauthorized use of Customer’s account, credentials, or passwords, Customer must immediately notify Entco.

Usage Limitations. Entco SaaS may be used only for Customer’s internal business purposes and not for commercialization. Customer will not: (i) exceed any usage limitations identified in the Supporting Material; (ii) except to the extent expressly permitted in Supporting Material, sell, resell, license, sublicense, lease, rent, or distribute Entco SaaS or include Entco SaaS as a service or outsourcing offering, or make any portion of Entco SaaS available for the benefit of any third party; (iii) copy or reproduce any portion, feature, function, or user interface of Entco SaaS; (iv) interfere with or disrupt the integrity or performance of Entco SaaS; (v) use Entco SaaS to submit, send, or store Customer-provided SaaS Data that is obscene, threatening, libelous or otherwise unlawful or tortuous material, violates any third party’s privacy rights, or infringes upon or misappropriates intellectual property rights; (vi) use Entco SaaS to disrupt or cause harm to a third party’s system or environment; (vii) access Entco SaaS to build a competitive product or service; or (viii) reverse engineer Entco SaaS. Customer is responsible for complying with all terms of use for any software, content, service, or website it loads, creates, or accesses when using Entco SaaS.

Payment terms.

a. Prices and Taxes. Prices will be as quoted in writing by Entco or, in the absence of a written quote, as set out on our website, customer-specific portal, or Entco published list price at the time an order is submitted to Entco. Prices are exclusive of taxes, duties, and fees unless otherwise quoted. If a withholding tax is required by law, please contact the Entco order representative to discuss appropriate procedures.

b. Invoices and Payment. Customer agrees to pay all invoiced amounts within thirty (30) days of Entco’s invoice date.

Customer-provided SaaS Data. Customer is solely responsible for the data, text, audio, video, images, software, and other content input into an Entco system or environment (“Customer-provided SaaS Data”) during Customer’s access or use of Entco SaaS. As between Entco and Customer, Customer is and will remain the sole and exclusive owner of all right, title, and interest in and to all Customer-provided SaaS Data. Customer hereby provides to Entco all necessary rights to Customer-provided SaaS Data to enable Entco to provide Entco SaaS. Entco will use Customer-provided SaaS Data only as necessary to provide Entco SaaS, technical support, or as otherwise required by law.

Personal Data.

a. If, in the course of providing Entco SaaS, Entco agrees in writing to process Customer Personal Data, Entco shall process such data only as mutually agreed, and in compliance with data protection legislation to which Entco is subject as a service provider and processor of Customer Personal Data.

b. “Customer Personal Data” means personal data of which Customer or its affiliates is the controller and which Entco processes in the course of providing Entco SaaS. The terms “controller”, “processor”, “process”, “processed”, “processing”, and “personal data” used in this Agreement shall be as defined by EU Directive 95/46/EC, unless otherwise defined by applicable data protection legislation.

Entco SaaS Performance and Operations. Entco’s ability to deliver Entco SaaS will depend on Customer’s reasonable and timely cooperation and the accuracy and completeness of any information from Customer needed to deliver Entco SaaS.

Entco SaaS Operations. So long as during the SaaS Order Term, Entco does not materially degrade the functionality, as described in Supporting Material of Entco SaaS, Entco reserves the right: (i) to modify the systems and environment used to provide Entco SaaS; and (ii) to make any changes to Entco SaaS that it deems necessary or useful to maintain or enhance the quality or delivery of Entco’s services to its customers, the competitive strength of or market for Entco’s services, or Entco SaaS’ cost efficiency or performance. Entco may use global resources, such as Entco affiliates or third parties in worldwide locations to provide Entco SaaS and perform its obligations.

License Grant to Software in connection with Entco SaaS. To the extent that Entco provides software in connection with Entco SaaS, Entco grants Customer a non-exclusive and non-transferable license to use the version or release of the Entco-branded software listed in the Order or the applicable Supporting Material (the “Licensed Software”) during the SaaS Order Term. Unless otherwise stated in writing, Customer may only use the Licensed Software for internal purposes and not for further commercialization. Customer may make a copy or adaptation of the Licensed Software only for archival purposes or when it is an essential step in the authorized use of the Licensed Software. Customer agrees that it will not modify, reverse engineer, disassemble, decrypt, decompile, or make derivative works of any Licensed Software unless permitted by statute, in which case Customer will provide Entco with reasonably detailed information about those activities. For non-Entco branded software, the third party’s license terms will govern its use. Entco may monitor and audit Customer use of the Licensed Software and compliance with any associated license terms and, if Entco makes a license management program available, Customer agrees to install and use it within a reasonable period of time. Customer may not sublicense, assign, transfer, rent, or lease the Licensed Software except as permitted in writing by Entco.

Warranty: Entco WILL PERFORM Entco SAAS BY QUALIFIED PERSONNEL AND IN A WORKMANLIKE MANNER CONSISTENT WITH THE SUPPORTING MATERIAL. TO THE EXTENT PERMITTED BY LAW, Entco DISCLAIMS ALL OTHER WARRANTIES. Entco DOES NOT WARRANT THAT Entco SAAS WILL BE UNINTERRUPTED OR ERROR FREE. IF Entco PROVIDES CUSTOMER WITH A FREE-OF-CHARGE SAAS ORDER TERM, INCLUDING BUT NOT LIMITED TO Entco SAAS PROVIDED ON AN EVALUATION OR “FREEMIUM” BASIS, Entco SAAS IS PROVIDED “AS IS” AND TO THE EXTENT PERMITTED BY LAW, Entco DISCLAIMS ALL WARRANTIES AND LIABILITY.

Intellectual Property Rights. No transfer of ownership of any intellectual property will occur under this Agreement. Customer grants Entco a non-exclusive, worldwide, royalty-free right and license to any intellectual property, including Customer-provided SaaS Data, that is necessary for Entco and its designees to perform Entco SaaS.

Intellectual Property Rights Infringement. Entco will defend and/or settle any claims against Customer that allege that an Entco-branded product or service as supplied under this Agreement infringes the intellectual property rights of a third party. Entco will rely on Customer’s prompt notification of the claim and cooperation with our defense. Entco may modify the product or service so as to be non-infringing and materially equivalent, or we may procure a license. If these options are not available, we will refund to Customer the balance of any pre-paid amount for the affected Entco SaaS. Entco is not responsible for claims resulting from Customer-provided SaaS Data or from any unauthorized use of the products or services. This section shall also apply to Licensed Software identified as such in the relevant Supporting Material except that Entco is not responsible for claims resulting from Customer-provided SaaS Data, customized configurations or designs (i) performed or provided by Customer or (ii) performed at Customer’s direction. Customer will defend or indemnify Entco from and against third party claims arising from Customer-provided SaaS Data or customized configuration or designs (i) performed or provided by Customer or (ii) performed at Customer’s direction.

Limitation of Liability. For violation of obligations and tort, Entco and its vicarious agents are liable without limitation in case of wilful conduct and gross negligence. The same applies to malicious concealment of a defect. As far as the violation on the part of Entco and its vicarious agents is not considered as wilful or gross negligent the liability is limited to a maximum amount up to the greater of 1 mio. € or the amount payable by the Customer to Entco for the relevant Order that is the subject of the claim for the twelve month period immediately preceding the act or omission giving rise to the claim. Any further liability is excluded, in particular such for consequential damages and loss of profit or data. This limitation does not refer to damages due to unauthorized use of intellectual property, life threatening, bodily injury or adverse health effects and claims under the Product Liability Act. In case of provision of personnel for work subject to Customer’s supervision and direction, Entco shall only be liable if Entco had wilfully or gross negligently failed to choose such personnel in accordance with Customer’s requirements which had been notified to Entco in advance. Any liability shall be excluded if the damage had also occurred in case of faultless selection of such personnel.Neither party will be liable for performance delays or for non-performance due to causes beyond its reasonable control, except for payment obligations. If Entco provides customer with a free-of-charge SaaS Order Term, including but not limited to Entco SaaS provided on an evaluation or “freemium” basis, Entco SaaS is provided “as is” and to the extent permitted by law, Entco shall not be responsible for any loss or damage to Customer, its customers, or any third parties caused by Entco SaaS or the Licensed Software that Entco makes available for Customer.

Suspension. Entco may suspend Customer’s access and use rights to Entco SaaS where Customer breaches Sections 4, 5, 6, 7, or 12 of this Agreement or Customer’s use of Entco SaaS is in violation of law and Customer fails to remedy the breach within a reasonable period after being notified by Entco in writing of the details. The suspension shall become effective after lapse of the cure period. Customer remains responsible for applicable fees from the date of suspension and throughout the suspension period, including usage and data storage fees. Customer will not be entitled to service credits, if any, during any suspension period.

Termination. Either party may terminate this Agreement on written notice if the other fails to meet any material obligation and fails to remedy the breach within a reasonable period after being notified in writing of the details. If either party becomes insolvent, unable to pay debts when due, files for or is subject to bankruptcy or receivership, or asset assignment, the other party may, if permitted by law, terminate this Agreement and cancel any unfulfilled obligations. Entco may terminate this Agreement where Customer’s access and use rights are suspended pursuant to Section 17 or to comply with applicable laws or regulations. Any terms in the Agreement which by their nature extend beyond termination or expiration of the Agreement will remain in effect until fulfilled and will apply to both parties' respective successors and permitted assigns.

Effect of Expiration or Termination. Except for termination for cause in circumstances where Entco is at fault, termination of this Agreement shall not entitle Customer to any refund, and payment obligations are non-cancelable. Upon expiration or termination of a SaaS Order Term, except as otherwise provided in the Supporting Material:

a. Entco may disable all Customer access to the applicable Entco SaaS, and Customer shall promptly return to Entco (or at Entco’s request destroy) any Licensed Software provided with Entco SaaS; and

b. Entco shall make available Customer-provided SaaS data in the format generally provided by Entco, subject to the terms of the applicable Supporting Material.

General. This Agreement, including its Exhibit 1, which is an integral part thereof, represents our entire understanding with respect to its subject matter and supersedes any previous communication or agreements that may exist. Modifications to this Agreement will be made only through a written amendment signed by both parties. The Agreement will be governed by the laws of the country of Entco or the Entco affiliate accepting the Order and the courts of that locale will have jurisdiction; however, Entco or its affiliate may bring suit for payment in the country where the Customer affiliate that placed the Order is located. Customer and Entco agree that the United Nations Convention on Contracts for the International Sale of Goods will not apply. Claims arising or raised in the United States will be governed by the laws of the state of California, excluding rules as to choice and conflicts of law.

Exhibit 1 – DATA PROTECTION

A: Data Protection Provisions

To the extent Entco has access to Customer´s personal data for performing Software-as-a-Service (hereinafter “SaaS”), the Parties agree to apply the terms described below. Entco shall apply those technical and organizational measures required by the exhibit to § 9 BDSG as set out below under section B.

Underlying SaaS Contract. The terms of the agreement on commissioned data processing are based upon the SaaS contract concluded between the Parties, including the appendixes describing the SaaS services (SaaS data sheets) (the “Contract”). On the basis of the aforementioned Contract, Entco will process the Customer's personal data. The Contract defines the scope, nature, and purpose of the collection, processing and/or use of personal data by Entco, the type of personal data to be processed and the persons affected by the handling of personal data. The Customer may also provide additional written instructions. The duration of the commissioned data processing will be governed by the Contract.

Correcting, blocking, and deleting data. Entco may only correct, delete or block data processed within the scope of the Contract in accordance with the instructions provided by the Customer. If a person asks Entco for information about his/her data or requests that Entco correct or delete his/her data, Entco shall immediately forward the request to the Customer.

Obligations of Entco. To ensure proper processing of personal data, Entco will only use personnel who have entered into confidentiality agreements pursuant to Section 5 of the BDSG. If the security measures implemented by Entco do not satisfy the requirements of the Customer, the Customer will notify Entco immediately. Any errors or irregularities that are identified by the Customer when checking the results, and brought to Entco's attention, will be immediately rectified by Entco. Entco will process personal data and other operating data belonging to the customer only in accordance with the instructions provided by the Customer. Entco will not use the data transmitted for data processing for any other purpose, nor will Entco retain this data for any longer than required by the Customer, save to the extent required by legal retention periods. Copies or duplicates must not be created without informing the Customer. If Entco believes that an instruction from the Customer violates data protection legislation, Entco must notify the Customer. This duty to notify will not include a comprehensive legal review. Subcontracts may only be awarded to subcontractors following written consent by the Customer. A Customer's consent may only be withheld if the Customer has a material reason for doing so. The Customer's consent will be deemed to have been given with respect to subcontractors named by Entco prior to the conclusion of the Contract or which are regularly used by Entco to provide standardized services. If a subcontractor is a company within Entco's corporate group and is based in the European Union (EU) or the European Economic Area (EEA) or a safe third country, a subcontract may be awarded to the subcontractor without the prior written consent of the Customer. Irrespective of this, Entco will always be obliged to exercise due caution when choosing subcontractors and to inform the Customer accordingly. Furthermore, Entco must ensure that the data processing provisions agreed with the Customer also apply to all subcontracts awarded to subcontractors. If a subcontractor is operating outside the European Union (EU) or European Economic Area (EEA), an adequate level of data protection must be established pursuant to Sections 4b and 4c of the BDSG. To this end, the Customer hereby authorizes Entco to execute a controller to processor EU Model Contract (C (2010) 593) on its behalf to cover the transfer of any Customer personal data which originates from the EEA to any Entco Affiliate supporting the SaaS or Professional Services and being located in a country which does not have a finding of adequacy pursuant to Article 25(6) of Directive 95.46/EC (the “Model Contract”).

Entco will immediately inform the Customer of any incidents that must be reported pursuant to Section 42a of the BDSG, any serious operational malfunctions, and any suspected privacy violations or other irregularities that arise while processing the Customer's data. Entco has appointed a competent and reliable data protection officer pursuant to Section 4f of the BDSG.

Control rights of the Customer. The Customer or a representative appointed by the Customer has a right of control with regard to proper processing of personal data and other operational data processed on behalf of the Customer. The rights of control will be exercised in consultation with Entco. Entco is obliged to assist the Customer in such controls and any controls of the competent authorities. These controls must be carried out in consideration of the business processes and Entco's need for security and confidentiality. The control of standardized services will be performed by controlling the test documents professionally created and submitted by Entco. Entco is also obliged to apply the control rights of the Customer to the subcontractors of Entco tasked with processing the Customer's data.

Deletion of data and return of data carriers. After completion of the contractual work or earlier if requested by the Customer - at the latest upon termination of the Contract - Entco must return to the Customer all documents, processing results, usage results, and data sets that relate to the contractual relationship, or to destroy them in a manner compatible with data protection legislation following prior approval by the Customer. The same will apply to test material and rejected material. The manner in which data is deleted must be demonstrated upon request. Entco must retain any documentation serving as proof of commissioned data processing and proper data processing beyond the end of the Contract in accordance with the respective retention periods. To ease the burden on Entco, Entco can choose to hand over such documentation when the Contract terminates.

B. Technical and Organizational Measures pursuant to Section 9 of the German Federal Data Protection Act (BDSG) and the Annex to this Act

The following technical and organizational measures will be implemented by Entco and subject to technical advances and further development in accordance with Section 3 of this DPSA. In this respect, Entco will be allowed to implement adequate alternative measures. The security level of the defined measures must not be compromised. Significant changes must be documented. If authorizations to access systems or applications are necessary to perform the services agreed in the Commercial Agreement, Entco may only award such authorizations, for the intended purpose and to the extent required, to persons tasked with the processing related to the Commercial Agreement. In the event that Entco needs to telework in order to perform certain activities, Entco will use appropriate measures to ensure the necessary level of protection and security. Entco will inform Customer of such measures upon request. Entco will also ensure that appropriate controls are implemented.

Entry Control. Entry to buildings, rooms, and facilities in which Customer Personal Data is collected, processed or used, will be restricted to authorized persons. To ensure secure entry to company buildings and rooms, and the identification of authorized persons, Entco will deploy and use effective and appropriate access controls such as electronic smart cards, door locking systems, and technical surveillance equipment. Such controls will be at the individual person level as appropriate. Furthermore, appropriate and effective surveillance equipment such as video and alarm systems will be installed.

Access Control. In order to obtain access to Entco's technical systems, applications and net-works, a password-protected user master record (known as the personal user account) must be set up. The authorized user will then use this account to authenticate him-self/herself to the system or application. When leaving a computer, the user must log off accordingly. When assigning a password, user authentication must be sufficiently secure. The user account must be formally requested, approved by the relevant supervisor, and the assignment documented. Entco has outlined the design, use, and personal scope of the password in a password policy whose compliance is supported technically. Applications and communication connections will force re-authentication when certain thresholds are reached (maximum session duration, failed logons, etc.). Any systems vulnerable to attack by malicious software will be equipped with the latest protection.

Authorization Control. Entco will grant access authorizations on a "need-to-know" and "need-to-do" basis (lowest possible rights). Examples include access authorizations for task-related authorization schemes, user profiles, and functional roles. An access authorization will be sought on the basis of the role scheme and approved by the relevant supervisor. Additional control instances will be integrated into the approval process. For technical access security, Entco will use recognized security systems such as RACF, Active Directory, etc. Existing user accounts will be checked periodically and deleted or changed in the event that a user's tasks change. The responsibility for user accounts must be clearly assigned; representations are defined allowed in the current policies.

Disclosure Control. Technical (protection when saving and transferring data) Entco will ensure the integrity of Customer Personal Data stored and disclosed within the data processing systems and applications through the use of plausibility checks and/or verification procedures. The confidentiality of Customer Personal Data outside Entco's area of responsibility (for example, third-party networks and radio networks) will be ensured through authentication and/or encryption. Remote access to networks that house Customer's systems and applications will be encrypted and only granted after authentication. Several factors will be associated with particularly sensitive data (for example, password and hardware token). Networks that house Customer's systems and applications will be separated from other networks through the use of proxies, firewalls "with stateful inspection", and a network address translation (NAT). In addition to Secure Socket Layer (SSL) encryption and the use of VPN technology, secure Internet communication will be achieved through the use of firewall systems and continuously updated virus software. Data carriers will be transported in encrypted form only.

Receiver control (traceability of planned transfers). The purpose, type, origin and destination of each automatic data exchange with third-party systems and networks will be documented.

Input Control. In general, Entco will log all data input and output activity undertaken by users and administrators using the systems and applications, and will check this data for irregularities on a regular basis. The logs will be archived in accordance with the content and/or statutory requirements. Alternatively, they will be deleted once they have fulfilled their purpose or they will be blocked against further processing. Predominantly automated reconciliation procedures and controls will ensure effective processing. Log data will be stored securely and the use of audit tools will be limited to authorized users.

Task Control. Entco will process the entrusted data only in accordance with the contractually agreed instructions received from Customer. Control measures will be defined in consultation with Customer and then technically or organizationally incorporated into the operations. Entco will only engage the services of subcontractors in accordance with the requirements of the contractual provisions.

Availability Control. Entco will use off-site backup data centers for this purpose. Systems will be protected against attacks from outside. The availability of data and systems in data centers will be ensured through appropriate measures such as system redundancy, battery backup against power outages, air conditioning, and protection against other harmful environmental agents and sabotage. The relevant facilities will be maintained and tested on a regular basis, in accordance with manufacturer specifications. Archive data will be generated in accordance with the respective applicable requirements. To ensure a reliable recovery in the event of a serious malfunction, flow definitions for continuity plans will be developed, tested on a regular basis, and kept highly available.

Separation Control. Systems and applications will be geared specifically towards purpose-specific and Customer-separate processing. There will be a functional separation between production systems and test systems. The test data in production systems may only be used following consultation with Customer, and only if the test system's security is comparable with that of the production system. Tests will not reduce the level of protection in terms of confidentiality, integrity or availability of Customer Personal Data.